After updating to Draft: 18.104.22.16882, the ProCall client does not start and a message appears in Sophos
Information about ProCall Enterprise 7.4.1
In ProCall Release 7.4.1 () the Yealink SDK (libyealinkusbsdk.dll) for call control is no longer shipped with the installation, for the reasons listed below. Please note that even if you update from 7.4.0 to 7.4.1, the SDK will no longer be installed.
Yealink is working hard to resolve the false positive virus alerts when using "Sophos Central Intercept X Advanced with XDR".
As soon as a solution is available, the SDK will also become an official part of ProCall 7 Enterprise again.
After updating the ProCall client to version 22.214.171.12482, it no longer starts.
Sophos reports "Malicious exploit ROP in estos ProCall"
ProCall version 126.96.36.19982 introduces the new feature "Yealink Headset HID support". A Yealink SDK was included for this purpose:
C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink → libyealinkusbsdk.dll
What estos has done
We scanned the DLL with VirusTotal and nothing malicious was found.
We have contacted Yealink, the feedback on this is still pending.
What can you do?
Report it to Sophos to whitelist this DLL.
There are the following three options:
- Create an exception in Sophos
- A registry key can be set so that the SDK is not loaded when the ProCall client is started:
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\SOFTWARE\ESTOS\UCServer4\CtiMain]
"AVAudioExcludeHidSdk0"="Yealink"

- Delete the following folder, which contains the SDK, on the client (not update-safe):
C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink
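
The registry option above can be applied per client together with a record of exactly which file is being excepted. The following PowerShell is an added example, not a script from estos: it records the SHA-256, file version and Authenticode status of the DLL so that a false-positive report or exception can reference the exact file, then sets the registry value from this article. The function names are hypothetical; the path, key and value are the ones given above.

```powershell
# Added example; function names are hypothetical.
# Path, registry key and value are taken from the article.
$DllPath = 'C:\Program Files (x86)\estos\ProCall\driver\x86\Yealink\libyealinkusbsdk.dll'
$RegKey  = 'HKCU:\SOFTWARE\ESTOS\UCServer4\CtiMain'
$RegName = 'AVAudioExcludeHidSdk0'

function Get-YealinkSdkEvidence {
    param([string]$Path = $DllPath)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # ProCall 7.4.1 no longer ships the SDK, so absence is an expected result.
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $file = Get-Item -LiteralPath $Path
    [pscustomobject]@{
        Path        = $Path
        Present     = $true
        Sha256      = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        FileVersion = $file.VersionInfo.FileVersion
        SigStatus   = $sig.Status      # e.g. Valid, NotSigned, HashMismatch
        Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    }
}

function Set-YealinkSdkExclusion {
    # Create the key only if it is missing: New-Item -Force on an
    # existing registry key would discard the values already stored in it.
    if (-not (Test-Path -Path $RegKey)) {
        New-Item -Path $RegKey -Force | Out-Null
    }
    New-ItemProperty -Path $RegKey -Name $RegName -Value 'Yealink' `
        -PropertyType String -Force | Out-Null
    # Read the value back so the caller can confirm what was written.
    (Get-ItemProperty -Path $RegKey -Name $RegName).$RegName
}

$evidence = Get-YealinkSdkEvidence
$evidence | Format-List

if ($evidence.Present) {
    $applied = Set-YealinkSdkExclusion
    "Registry value $RegName is now '$applied'; it takes effect at the next ProCall client start."
} else {
    'SDK DLL not found; no registry change made.'
}
```

The key is under HKEY_CURRENT_USER, so the script has to run in the context of the user who starts the ProCall client, not as a different administrative account.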